403 on login to admin

juleno · June 2, 2024, 2:01pm

My YunoHost server

Hardware: Old laptop
YunoHost version: 11.2.12
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:
If your request is related to an app, specify its name and version: qbittorrent (or any app behind sso)

Description of my issue

When trying to access the admin panel I get the following error on the admin login page.

Error: "403"
Action: "GET" /yunohost/api/installed?locale=en

I fixed it by allowing all local ip to access to the admin panel by modifying /etc/nginx/conf.d/yunohost_api.conf adding the following lines:

    allow 192.168.0.0/16;
    allow 10.0.0.0/8;
    allow 172.16.0.0/12;

just below allow <my personnal ip>.

Is there a better way to fix the problem ?

rodinux · June 2, 2024, 2:41pm

You can look if you have set secrurity webadmin allowlist true with

yunohost settings list

You should see something like

security.webadmin.webadmin_allowlist_enabled: 
  ask: Enable Webadmin IP allowlist
  value: no

or

value: yes

If it is enabled, only the IP address added can see the webadmin, in this case you should prefer add only your IP address…

To know your current IP addres you can use on your local computer

curl curl ifconfig.me

or to see the public IPv4 and the public IPv6

curl ipv4.lafibre.info/ip.php
curl ipv6.lafibre.info/ip.php

Then to add your IP, you can use

yunohost settings set security.webadmin.allowlist -v  <IP_ADDRESS>

Now if you want to temporally access to the webadmin without these rules, you can disallow this security webadmin allow list like this

yunohost settings set security.webadmin.allowlist.enabled -v False

To put it back or activate it:

yunohost settings set security.webadmin.allowlist.enabled -v True

juleno · June 2, 2024, 3:27pm

Thanks, my bad, I forgot that I enabled IP whitelist…
What’s strange is that I put my IP but it doesn’t work. (maybe because I used the script for installing a VPS but I’m selfhosting ?)

rodinux · June 2, 2024, 4:04pm

possibly, in that case perhaps you need allow your internal local IP…
I have test on my sever self-hosted, this work.
I have needed use my IPv6 because is the IP by default of my connexion with a 4G box…

system · July 2, 2024, 4:05pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.